Trespassers will be given due and fair warning

Back when I was at university, any attempt to log onto the Computer Science department machines would give you half a page of legalese telling you what you could or couldn’t do on those machines. I don’t seem to get that on any of my remote machines by default, so I thought I’d throw something up on there so that people attempting to connect to them would receive the same sort of thing.

This was inspired, in part, by this video I was watching the other day from the Stanford Law department covering changes that are being considered for the American Computer Fraud and Abuse Act. It’s also worth watching for the appearance by Ed Felten, who you may or may not recall from the whole MPAA DVD/DeCSS debacle back in the day.

So anyway, this is the type of message that I’m now sending to anyone connecting to external machines:

NOTICE TO USERS
This service is for authorised clients only.
This computer system is the private property of its owner, whether
individual, corporate or government. It is for authorized use only.
Users (authorised or unauthorised) have no explicit or implicit
expectation of privacy.
It is a criminal offence to:
i. Obtain access to data without authority
(Penalty 2 years imprisonment)
ii Damage, delete, alter or insert data without authority
(Penalty 10 years imprisonment)

Which I cribbed from some other website that I can’t seem to find at the moment, but which appears to be fairly standard wording for Australian-based servers as far as my hazy memory of things is concerned. I’ve also added a website link to the message above which gives would-be users more detailed links to the various statutes and acts that govern computer misuse in various countries.

At any rate, copy that text into /etc/issue.net, and then add or uncomment this line in /etc/ssh/sshd_config:

Banner /etc/issue.net

HUP the sshd server (send it a SIGHUP so that it re-reads its configuration), and your message will be displayed to startled connectees in no time at all.

I’m also using this text as my vsftp banner, which is enabled by adding the following line to /etc/vsftpd.conf:

banner_file=/etc/issue.net

So that FTP clients which display server banners will show the notice to people connecting (the FTP client that is embedded into Windows Explorer doesn’t, unfortunately).

Plus: a similar thing for Windows™, that doesn’t work quite as well™

You can also display these messages before your Windows logon dialog box appears.

It turns out, though, that these are displayed on the VM’s “physical” display (visible through the hypervisor) prior to being displayed on the VM’s “remote” display (visible through RDP).

So you need to acknowledge the messages on the physical display before you can acknowledge them on the RDP display. Therefore, unless you have access to the physical display (i.e. through a mechanism other than RDPing to the machine itself), you probably don’t want to do these steps. If you understand this and still want to do it, the steps follow.


Don’t say I didn’t warn you

You can also put these messages into your Windows logon windows by creating a login-legal-notice.reg file that looks like:

Notice the hex encoding of the REG_SZ value, since the Windows registry editor (regedit) doesn’t normally allow newlines to be entered in these fields (these appear as box characters as shown in the screenshot below):

[Screenshot: newlines in regedit]

If you import this file using the command line

C:\> regedit login-legal-notice.reg

You should get something like this before the standard Windows logon dialog window:

[Screenshot: Windows login notice]

If you feel like using a slightly differently worded legal notice, you will need to encode it in UTF-16 (little-endian), and word wrap it in the way that regedit expects for it to work. You can use this Perl script if you like:

Some people on the internet seem to like the registry location HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system instead of HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, but I can’t see any difference between the two (although the former will take precedence if both are set). The Group Policy Manager uses the former location as well.
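
An added example (not the author's Perl script, and not code from the original post): a Python sketch of the encoding described above, turning notice text into UTF-16LE hex(1) lines with a terminating NUL and backslash-continued wrapping. The value names LegalNoticeCaption and LegalNoticeText (not shown on this page), the 78-column wrap width and the CRLF line breaks are assumptions of this example; the key defaults to the Winlogon location mentioned above.

```python
# Added example: build a .reg file that sets the Windows logon legal notice,
# storing the multi-line text as hex(1) (a REG_SZ given as UTF-16LE bytes).
WINLOGON = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"

def hex_reg_sz(name, text, width=78):
    """Return the '"name"=hex(1):...' lines, wrapped with trailing backslashes."""
    # Assumption: use CRLF line breaks, the Windows convention.
    text = "\r\n".join(text.splitlines())
    # REG_SZ data is UTF-16LE and carries its own terminating NUL (00,00).
    data = (text + "\0").encode("utf-16-le")
    tokens = ["%02x" % b for b in data]
    lines, cur = [], '"%s"=hex(1):' % name
    for i, tok in enumerate(tokens):
        piece = tok + ("," if i < len(tokens) - 1 else "")
        # Leave room for the continuation backslash at the end of the line.
        if len(cur) + len(piece) + 1 > width:
            lines.append(cur + "\\")
            cur = "  "  # continuation lines are indented by two spaces
        cur += piece
    lines.append(cur)
    return lines

def decode_hex_reg_sz(lines):
    """Inverse of hex_reg_sz, used to check the round trip."""
    joined = "".join(l.rstrip("\\").strip() for l in lines)
    hexpart = joined.split("hex(1):", 1)[1]
    raw = bytes(int(h, 16) for h in hexpart.split(",") if h)
    return raw.decode("utf-16-le").rstrip("\0")

def build_reg(caption, text, key=WINLOGON):
    """Return the full .reg file content as a string with CRLF line endings."""
    esc = caption.replace("\\", "\\\\").replace('"', '\\"')
    out = ["Windows Registry Editor Version 5.00", "", "[%s]" % key]
    out.append('"LegalNoticeCaption"="%s"' % esc)
    out.extend(hex_reg_sz("LegalNoticeText", text))
    return "\r\n".join(out) + "\r\n"

if __name__ == "__main__":
    # Constructed sample text; substitute your own notice.
    notice = "NOTICE TO USERS\nThis service is for authorised clients only."
    content = build_reg("Notice to users", notice)
    # Version 5.00 .reg files are UTF-16LE with a byte-order mark.
    with open("login-legal-notice.reg", "wb") as fh:
        fh.write(b"\xff\xfe" + content.encode("utf-16-le"))
```
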